A vulnerability has been found in kitty, a fast, featureful, GPU based terminal emulator, which possibly allows arbitrary code execution. CVE-2022-41322.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4203-1
-------------------------------------------------------------------------

Update to 0.40.0 https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2fe21e3da5
2025-03-22 02:25:37.605934+00:00
--------------------------------------------------------------------------------

Name        : kitty
Product     : Fedora 40
Version     : 0.40.0
Release     : 2.fc40
URL         : https://sw.kovidgoyal.net/kitty
Summary     : Cross-platform, fast, feature full, GPU based terminal emulator
Description :
- Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency.
- Supports all modern terminal features: graphics (images), unicode, true-color, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and several new terminal protocol extensions.
- Supports tiling multiple terminal windows side by side in different layouts without needing to use an extra program like tmux.
- Can be controlled from scripts or the shell prompt, even over SSH.
- Has a framework for Kittens, small terminal programs that can be used to extend kitty's functionality. For example, they are used for Unicode input, Hints and Side-by-side diff.
- Supports startup sessions which allow you to specify the window/tab layout, working directories and programs to run on startup.
- Cross-platform: kitty works on Linux and macOS, but because it uses only OpenGL for rendering, it should be trivial to port to other Unix-like platforms.
- Allows you to open the scrollback buffer in a separate window using arbitrary programs of your choice. This is useful for browsing the history comfortably in a pager or editor.
- Has multiple copy/paste buffers, like vim.

--------------------------------------------------------------------------------
Update Information:

Update to 0.40.0 https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 8 2025 Pavel Solovev - 0.40.0-1
- Update to 0.40.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2352088 - CVE-2025-22870 kitty: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2352088
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2fe21e3da5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

rebuild for rhbz#2292712.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c7b79bc227
2024-06-29 01:41:49.506039
--------------------------------------------------------------------------------

Name        : kitty
Product     : Fedora 39
Version     : 0.31.0
Release     : 3.fc39
URL         : https://sw.kovidgoyal.net/kitty
Summary     : Cross-platform, fast, feature full, GPU based terminal emulator

--------------------------------------------------------------------------------
Update Information:

rebuild for rhbz#2292712
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 20 2024 Pavel Solovev - 0.31.0-3
- rebuild for rhbz#2292712
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c7b79bc227' at the command
line.
--------------------------------------------------------------------------------

fix CVE-2023-36308.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-25b47765c6
2024-06-03 01:07:03.304526
--------------------------------------------------------------------------------

Name        : kitty
Product     : Fedora 39
Version     : 0.31.0
Release     : 2.fc39
URL         : https://sw.kovidgoyal.net/kitty
Summary     : Cross-platform, fast, feature full, GPU based terminal emulator

--------------------------------------------------------------------------------
Update Information:

fix CVE-2023-36308
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 25 2024 Pavel Solovev - 0.31.0-2
- switch to a maintained fork of imaging (fixes CVE-2023-36308)
* Sat May 25 2024 Pavel Solovev - 0.31.0-1
- Revert "Update to 0.32.0"
* Fri Jan 19 2024 Pavel Solovev - 0.32.0-1
- Update to 0.32.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-25b47765c6' at the command
line.
--------------------------------------------------------------------------------

rebuild against golang-x-image 0.13.0 ---- version 0.30.1 ---- fix overflow when GLFW_IM_MODULE=ibus is set and ibus is not running ---- split out kitten clarify licenses for subpackages.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-ab43e2ce21
2023-10-31 00:04:53.921246
--------------------------------------------------------------------------------

Name        : kitty
Product     : Fedora 39
Version     : 0.30.1
Release     : 2.fc39
URL         : https://sw.kovidgoyal.net/kitty/
Summary     : Cross-platform, fast, feature full, GPU based terminal emulator

--------------------------------------------------------------------------------
Update Information:

rebuild against golang-x-image 0.13.0
----
version 0.30.1
----
fix overflow when GLFW_IM_MODULE=ibus is set and ibus is not running
----
split out kitten
clarify licenses for subpackages
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 5 2023 Pavel Solovev - 0.30.1-1
- version 0.30.1
* Tue Oct 3 2023 Pavel Solovev - 0.30.0-3
- fix overflow when GLFW_IM_MODULE=ibus is set
* Mon Oct 2 2023 Pavel Solovev - 0.30.0-2
- split out kitten
- clarify licenses for subpackages
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2238648 - golang-github-seancfoley-bintree-1.2.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2238648
  [ 2 ] Bug #2241851 - *** buffer overflow detected ***: terminated
        https://bugzilla.redhat.com/show_bug.cgi?id=2241851
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-ab43e2ce21' at the command
line.
--------------------------------------------------------------------------------

fix clone-in-kitty + security fix rhbz#2196803.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-a354113801
2023-05-19 01:23:33.798443
--------------------------------------------------------------------------------

Name        : kitty
Product     : Fedora 37
Version     : 0.26.5
Release     : 5.fc37
URL         : https://sw.kovidgoyal.net/kitty/
Summary     : Cross-platform, fast, feature full, GPU based terminal emulator

--------------------------------------------------------------------------------
Update Information:

fix clone-in-kitty + security fix rhbz#2196803
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 10 2023 Pavel Solovev - 0.26.5-5
- minor spec cleanup, run tests, fix clone-in-kitty
* Wed May 10 2023 Pavel Solovev - 0.26.5-4
- don't install kitty-open.desktop
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2196802 - kitty: should not handle application/x-sh mime type by executing the script
        https://bugzilla.redhat.com/show_bug.cgi?id=2196802
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-a354113801' at the command
line.
--------------------------------------------------------------------------------

version 0.28.1, backport security fix.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-0418511dfe
2023-05-19 01:14:41.265566
--------------------------------------------------------------------------------

Name        : kitty
Product     : Fedora 38
Version     : 0.28.1
Release     : 4.fc38
URL         : https://sw.kovidgoyal.net/kitty/
Summary     : Cross-platform, fast, feature full, GPU based terminal emulator

--------------------------------------------------------------------------------
Update Information:

version 0.28.1, backport security fix.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 10 2023 Pavel Solovev - 0.28.1-4
- Ask for permission before executing script files
* Mon May 8 2023 Pavel Solovev - 0.28.1-3
- enable shell integration by default
- remove unneeded weak dep, add ripgrep as a weak dep
* Sat Apr 29 2023 Pavel Solovev - 0.28.1-2
- reenable s390x
* Tue Apr 25 2023 Pavel Solovev - 0.28.1-1
- version 0.28.1 (rhbz#2188669)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2196802 - kitty: should not handle application/x-sh mime type by executing the script
        https://bugzilla.redhat.com/show_bug.cgi?id=2196802
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-0418511dfe' at the command
line.
--------------------------------------------------------------------------------

kitty could be made to run programs if it opened a specially crafted image or desktop notification.

=========================================================================
Ubuntu Security Notice USN-5659-1
October 05, 2022

kitty vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

kitty could be made to run programs if it opened a specially crafted image or desktop notification.

Software Description:
- kitty: fast, featureful, GPU based terminal emulator

Details:

Stephane Chauveau discovered that kitty incorrectly handled image filenames with special characters in error messages. A remote attacker could possibly use this to execute arbitrary commands. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-35605)

Carter Sande discovered that kitty incorrectly handled escape sequences in desktop notifications. A remote attacker could possibly use this to execute arbitrary commands. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-41322)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  kitty 0.21.2-1ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  kitty 0.15.0-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5659-1
  CVE-2020-35605, CVE-2022-41322

Package Information:
  https://launchpad.net/ubuntu/+source/kitty/0.21.2-1ubuntu0.22.04.1

Severity: Critical

LinuxSecurity.com Team